(54) Method for processing location information relating to a terminal connected to a packet network via a cellular network



(57) A method (400) for processing location information relating to a certain mobile station in a cellular network is presented. The method involves a first network element, which is connected to the cellular network, and second and third network elements, which are connected to a packet data network. The first network receives (401) a location information request (201) relating to the mobile station from a second network element. The method is characterized in that a security document relating to the second network element is requested (404) from a third network element; establishment (406) of one security association pointing from the second network element to the first network element and involving information in the security document is initiated; after successful establishment of said security association, the data origin of the location service request is authenticated (408); and after successful authentication, a location procedure relating to the mobile station in the cellular network is initiated (410). Also a network element (900), a packet data device (950) and a mobile station (901) are presented.

Description

[0001] The invention relates in general to locating a device, which is connected to a packet data network via an access network. The invention relates particularly to transmitting location information from the access network to a location server in the packet data network.

[0002] In cellular networks, for example in Global System for Mobile communications (GSM), the cellular network keeps track of the location of a mobile station (MS) at least on cell level. It is also possible that the geographical location of a MS is determined. Information about the geographical location of a MS can be useful, for example, for certain services or in emergency situations.

[0003] There are various services available in the Internet. Many of these services would gain from receiving information, which indicates the location of the device asking for service. For example, an international business may have a service, which automatically gives information about the stores or service points near the user's current location. Currently it is not possible to locate an IP device connected to the Internet, other than using its IP address. An IP address, on the other hand, is not a reliable way to locate a device, as using Mobile IP it is possible to temporarily or more permanently change the location of a device without changing IP address.

[0004] In GSM, there are certain circuit-switched data services using which it is possible to have a data connection between, for example, a laptop having a card phone and a server in the Internet. General Packet Radio Service (GPRS), which is an addition to the GSM, is an example of a wireless packet switched network. GPRS and GSM, among other cellular networks, can be used as access networks to packet data networks. A packet data device can be connected to a mobile station, and via the mobile station and a cellular network, the packet data device can communicate with a packet data network. It is possible to locate the packet data device, for example, by locating the mobile station to which it is connected. It would be convenient to transmit location information about the packet data device to a server in the packet data network from an access network, for example from a cellular network. There are, however, problems relating to the confidentiality of location information and to the need of authenticating the parties who request location information.

[0005] Figure 1 presents a schematic diagram of a GSM network and a GPRS network as an example of an access network through which a packet data device can be connected to a packet data network 130. A mobile station (MS) 101 communicates with a base station (BTS) 112a. There may be, for example, a laptop computer or other packet data device 102, connected to the mobile station 101. It is also possible that the mobile station is capable of transmitting and processing packet data. In the GSM radio access network (RAN) 110, base stations are connected to base station controllers (BSC). In Figure 1 base stations 112a and 112b are connected to a base station controller (BSC) 113. The base station controller is responsible, for example, for allocation of radio resources and for handling handovers, where a mobile station changes the base station it communicates with. The base stations and base station controllers form the GSM RAN 110.

[0006] There are separate core networks for the GSM and the GPRS. A GSM core network 140 comprises in the fixed part of the network Mobile Service Switching centers (MSC), and one MSC 141, to which the BSC 113 is connected, is presented as an example in Figure 1. The GSM core network 140 is usually connected to a Public Switched Telephone Network (PSTN). The GPRS core network 120 comprises GPRS supporting nodes (GSN). Of these nodes, the one which interfaces a packet data network 130, for example the Internet, is called Gateway GPRS supporting node (GGSN). In Figure 1, a GGSN 122 is presented. Data packets may run through many GSNs, which act as routers. A mobile station or a packet data device connected to the mobile station, which is the endpoint of the data connection, is reachable through one base station controller and the GSN connected to this base station controller is called Serving GPRS support node (SGSN). In Figure 1, the mobile station 101 or device 102 is reachable via the BSC 113 and the GSN connected to this BSC is SGSN 121.

[0007] There are also network elements, which are common for the GSM and GPRS networks. In Figure 1 the common part of the GSM and GPRS networks is presented as a separate network cloud 150. The common part of the GSM and GPRS comprises, for example, Home Location Register (HLR) 151 and Visitor Location Register (VLR) 152, which take part in subscriber and mobility management. Furthermore, there is an entity called Mobile Location Center (MLC) 153, which is responsible for determining the location of a mobile station.

[0008] An entity, which is external to the GSM network, may query the location of a certain mobile station by sending a location request to a Gateway Mobile Location Center (GMLC). Figure 2 presents an example of the message sequence related to the locating of the mobile station. In Figure 2, the network elements relating to the procedure are marked with vertical lines, and the name of the entity is above each line. The messages are marked with arrows. The messages and names of the messages are given as examples; the location procedure may alternatively be carried out in a different manner than presented in Figure 2. An entity requesting the location of a certain mobile station is usually called a Location Service (LCS) Client. This entity sends a LCS request 201 to the GMLC. The LCS request comprises an identifier, for example IMSI (International Mobile Subscriber Identifier) or MSISDN, specifying the mobile station, whose location is queried. The GMLC authenticates the LCS Client to make sure that it is entitled to receive location information. After successful authentication the GMLC asks with the Routing Data message 202 the HLR, which is related to the mobile station, the current or latest MSC, through which the mobile has been reachable; this MSC is called the Visiting MSC (VMSC). After receiving information about the VMSC from the HLR, the GMLC sends a Subscriber Request 203 to this VMSC. The VMSC typically pages 204 the MS in question to receive information about the cell, in which the mobile station currently is. Thereafter the mobile station is notified of the location query with a LCS notification 205. The mobile station may either allow or refuse its location to be told. If the mobile station allows its location to be told, the VMSC asks a Serving Mobile Location Center (SMLC), which handles the location of mobile stations in the network the mobile station currently is in, to locate the mobile station with message 206. Thereafter the geographical location of the mobile station is determined. There are various possible ways to determine the location of a mobile station: the cellular network may calculate the location of a mobile station using only the information it has, the mobile station may provide some information for the location process, or the mobile station may perform the location itself, and inform the network about its current location. When the SMLC determines the location of a mobile station, various network elements, such as BSC, BS and MS itself, may be involved in the location process. The messages relating to determining the location are presented in Figure 2 with arrow 207. After the location has been determined, the SMLC returns the location information to the VMSC (message 208). The VMSC forwards the location information to the GMLC (message 209), which in turn sends a LCS response 210 to the LCS Client, which initiated the location query.

[0009] It is possible to give information about the location of a certain mobile station to a party, which is not a part of the cellular network. The LCS Client in Figure 2 is an example of such a party. The party requesting location information is usually authenticated, because location information generally needs to be treated in a confidential manner. Generally, there has to be a prenegotiated contract between the cellular network operator and the party requesting location information. When the contract is made, usually some secret authentication information (for example a shared key) is exchanged, and for each request, the party has to show that it possesses this secret authentication information, for example by encrypting a part of the location request message with the secret key. The GMLC has its copy of the secret keys relating to the LCS Clients, for example. When an LCS Client, for example, tells its identity, the GMLC can then check using its copy of the secret key that the LCS Client encrypted the text with the correct key. It is also possible to carry out a separate authentication procedure.

[0010] It is also possible to locate a packet data device 101, which is connected to a packet data network via an access network having location tracking capabilities. There may be, for example, a Location Server LS 131, which is connected to a packet data network 130, for example to the Internet. In the Internet, the identifier, which typically distinguishes devices from each other, is the IP address. The Location Server thus may know, for example, an IP address of a certain IP device. To be able to ask from a cellular network the location of the IP device, the Location Server must know to which mobile station the IP device is connected. The IP device may thus inform the Location Server, using for example a certain application and protocol designed for this purpose, about its IP address and about the MSISDN number of the mobile station connected to the IP device. The IP address may be a static IP address, which stays the same even when the location of the mobile device/station changes, or a dynamic IP address allocated, for example, by the GPRS network. If a dynamic IP address is used, there is of course some other identifier such as MSISDN which typically together tell to the Location Server the identity of the IP device.

[0011] There may be a vast number of Location Servers in the Internet. In principle, each of the Location Server operators should have a contract with each cellular network operator to ensure that it can locate an IP device which is connected to the Internet via a cellular network. The number of contracts a cellular network operator or a Location Server operator should thus make can be enormous. Furthermore, as a service in the Internet may have a short lifetime, it can be tedious work to maintain a database, for example, containing IP addresses and authentication information of the Location Servers, which are authorized to receive location information from a cellular network. Furthermore, a packet data device connected to a packet network via an access network, for example a cellular network, may wish to authenticate a Location Server before information about the location of the packet data device is transmitted to the Location Server.

[0012] An object of the invention is to present a flexible and scalable method for processing location information relating to a packet data device, which is connected to a packet data network via an access network capable of determining location, and for providing said location information to a network element, which is connected to the packet data network, after authenticating the network element requesting the location information. A further object of the invention is that the packet data device is able to authenticate the network element requesting the location information.

[0013] Objects of the invention are achieved by establishing a security association towards a first network element, which is connected to an access network having location determination capabilities and to which location information requests from a packet data network are sent, from a second network element with the help of a third network element, which second and third network elements are connected to the packet data network. Optionally a security association pointing from the second network element to the packet data device is also established.

[0014] A method according to the invention is a method for processing location information, which is related to a certain mobile station in a cellular network, the method comprising the step of:

- a first network element, which is connected to the cellular network, receiving a location information request relating to the mobile station from a second network element, which is connected to a packet data network,

characterized in that the method further comprises the steps of:

- requesting from a third network element, which is connected to the packet data network, a security document relating to the second network element,
- initiating the establishment of at least one security association, which security association specifies at least data origin authentication and points from the second network element to the first network element and which establishment involves use of information comprised in the security document,
- after successful establishment of said security association, authenticating the data origin of the location service request, and
- if the data origin of the location service request is authenticated successfully, initiating a location procedure relating to the mobile station in the cellular network.

A network element of a cellular network is a network element according to the invention and it comprises

- means for receiving from a packet data network a location information request relating to a certain mobile station, and
- means for initiating a location procedure in the cellular network,

and it is characterized in that it further comprises

- means for establishing security associations pointing to the network element from a network element of the packet data network,
- means for performing security functions as specified by the security associations on data it receives from the packet data network,
- means which are arranged to determine, if there is an existing security association pointing to the network element from a sender of a location information request, and
- means for initiating security association establishment, which are arranged to establish a security association if there does not exist a security association, which points towards the network element from the sender of a location information request.



[0015] The invention relates further to a device being an integral part of a mobile station or being attachable to a mobile station, which is characterized in that it comprises

- means for receiving information about a location information request and about a sender of a location information request from the mobile station and
- means for exchanging with a network element connected to a cellular network information about a security association, which points to the network element from the sender of the location information request.

[0016] The invention relates also to a mobile station having means for receiving a notification from a cellular network about a location information request and means for responding to the cellular network with a notification response, which is characterized in that it further comprises means for notifying a device, which is either an integral part of the mobile station or attached to the mobile station, about the location information request.

[0017] In a method according to the invention, there is a first network element, which is typically a network element of a cellular network functioning as an access network to a packet data network. This network element is able to handle location information requests and responses with external network elements. The Gateway Mobile Location Center described above is an example of such a first network element. The actual location of a mobile station can be determined by other network elements of the access networks or the mobile station may itself inform the access network of its location. The first and second network elements are connected to a packet data network, and via this packet data network the second network element may exchange information with the first network element.

[0018] Before location information is transmitted to the second network element, the second network is authenticated. This can be done by establishing a security association from the second network element to the first network element. In this description the term security association refers to an agreed set of security services that are to be applied to the data transmitted from a first entity to a second entity; the unidirectional security association points towards the second entity. Each security association specifies at least one security service. Data origin authentication (authentication of the sending network element), data integrity and data encryption are examples of such security services. They may also include some details about security key management: if secret key cryptography is used, they may indicate a key distribution center, or if public key cryptography is used, they may indicate a certification center. A bi-directional security association indicates the security services to be applied on data sent to either direction between two network elements. The security services relating to a first direction may be different from those relating to the opposite direction.

[0019] Before the security services indicated by a security association can be used, the security association needs to be established. Especially in a packet data network, where there are no dedicated connections, the existence of a security association is important for being able to securely transmit data. In this description the term establishing a security association refers to a procedure, where the first network element and the second network element in a secure manner negotiate the details of a security association pointing to one of them. One way to obtain a security association is a separate contract, for example, between firms and thereafter configuring network elements so that security associations according to the contract are established. A more flexible and automatic way is to use a third network element, which is trusted by both the first network element and the second network element (or actually by the operators owning the first and second network elements), as an arbitrator. The third network element as an arbitrator can provide security documents to the first and second network elements, and using the information contained in these security documents, the first and second network element can check the origin of messages and thereafter negotiate and establish at least one security association pointing towards the first network element. It may be assumed that after a security association is set, the negotiated security services are applied on the data packets relating to that security association.

[0020] The use of a third network element as a key management center enables a first network element and a second network element to establish a security association without a previously negotiated contract. In a method according to the invention, a unidirectional security association pointing towards the first network element is sufficient for the first network element, for example, to authenticate the origin of the location request to be the second network element and to check that the location request has not been tampered with. There may be a second unidirectional security association pointing towards the second network element, this security association specifying the authentication of origin. This way the second network element may check that a location response is sent by the first network element. Furthermore, to keep location information private, the second security association may indicate that the data is encrypted.

[0021] Usually the establishment of a security association is, however, not enough for transmitting location information. The first network element may check that the second network entity is allowed to receive location information or the mobile station may deny its location information to be sent to the second network element. Furthermore, the mobile station or a separate packet data device connected to the mobile station may want to set up a separate security association pointing from the second network element towards itself and thereafter check the origin of the location information request. After successfully authenticating the origin of the location information request, the location data may be transmitted to the second network element via the first network element, to which it is delivered by the cellular network using cellular network protocols. The location data may, alternatively or in addition, be transmitted from the packet data device directly to the second network element using packet data protocols, or - if the packet data device is an integral part of the mobile station - from the mobile station directly to the second network element using packet data protocols. It is possible that the location procedure of the cellular network is used only to inform the mobile station and the packet data device connected to the mobile station that the location of the packet data device is being requested. Thereafter the packet data device may determine its location without involving the cellular network and transmit the location information directly to the second network element.

[0022] The novel features which are considered as characteristic of the invention are set forth in particular in the appended Claims. The dependent claims describe some preferred embodiments of the invention. The invention itself, however, both as to its construction and its method of operation, together with additional objects and advantages thereof, will be best understood from the following description of specific embodiments when read in connection with the accompanying drawings.

Figure 1 illustrates schematically an access network capable of locating a terminal and a packet data network according to prior art,

Figure 2 illustrates a message sequence chart describing a location information transfer according to prior art,

Figure 3 illustrates schematically a key management center in a packet data network and some security associations between the key management center and a Location Server and a Gateway Mobile Location Center,

Figure 4 illustrates a flowchart of a method according to a first preferred embodiment of the invention,

Figure 5 illustrates a message sequence chart relating to the security documents and security association establishment according to a second preferred embodiment of the invention,

Figure 6 illustrates a message sequence chart relating to the security documents and security association establishment according to a third preferred embodiment of the invention,

Figure 7 illustrates a flowchart of a method according to a fourth preferred embodiment of the invention,

Figure 8 illustrates a message sequence chart relating to the security documents and security association establishment according to the invention, and

Figure 9 illustrates a network element, a packet data device and a mobile station according to the invention.

[0023] Figures 1 - 2 are discussed in detail in the description relating to prior art.

[0024] In the following, the GSM and GPRS networks are used as an example of an access network, which is capable of locating a terminal communicating with the access network and through which it is possible to have a connection to a packet data network. Universal Mobile Telecommunication System is a further example of such an access network. Furthermore, an IP network is used as an example of a packet data network and an IP device is used as an example of a packet data device. The GMLC is used as an example of the first network element, a Location Server is used as an example of the second network element and a key management center is used as an example of the third network element.

[0025] The Internet Security Association described in Security Architecture for the Internet Protocol (RFC 2401) is an example of a security association. For the Internet Security Association it is specified that it can require data origin authentication or data encryption. Multiple Internet Security Associations may have to be established, if both data origin authentication and data encryption are to be applied. A bi-directional security association can be implemented, for example, with two Internet Security Associations pointing to opposite directions. The actual data origin and data integrity service and data encryption service are provided by IPSec or IPv6 protocol, when Internet Security Associations are used. Data origin and data integrity services are provided with an authentication header (AH) and data encryption with encryption of the security payload (ESP). The use of Internet Security Associations provides security services, which are applied on IP data packets. The Internet Security Associations are established, for example, using the ISAKMP protocol or Oakley key exchange protocol. Therefore it is not necessary for the network elements, which are endpoints of an Internet Security Association, to have additional applications or software in addition to the IPSec or IPv6 and, for example, ISAKMP.

[0026] In a method according to the invention, it is also possible to use other security associations than Internet Security Associations. A security association can be established between two higher-layer (above network layer) protocols or applications, too. It is also possible to tunnel a security association via some network elements, or to use transitive security associations. Transitive security association means that while there is a first security association from A to B and a second security association from B to C, there is a transitive security association from A to B.

[0027] Figure 3 illustrates Key Management Center KMC 132 and a Location Server LS 131 in a packet data network 130. It further presents in the GSM/GPRS network the Gateway Mobile Location Center GMLC 154, which is able to exchange packet data via the packet data network with the Location Server. A mobile station 101 is also illustrated, and an IP device 102 connected to the mobile station. Again, the IP device may be an integral part of the mobile station.

[0028] For the Location Server to receive location information, the GMLC has to be able to authenticate the origin of the location information request or, in other words, to be able to verify the identity of the external client (Location Server) sending the location information request. One way to do this is to have an established security association, which specifies at least data origin authentication, pointing from the Location Server towards the GMLC. This security association is presented with the dashed arrow 301 in Figure 3.

[0029] The Key Management Center is involved in establishing the security association by producing a security document, which allows the GMLC to authenticate LS before or during the establishment of the security association 301. The KMC should thus be able to authenticate at least LS (either off-line beforehand or on-line during the location information request procedure) and be trusted at least by the GMLC, preferably by both the GMLC and the LS. In other words, the GMLC should accept, for example, public key certificates signed by the KMC or, if shared secrets are used, both the GMLC and the LS should each have a common shared key with the KMC. In the first case the KMC is usually called a certification agent and in the latter it is a key distribution center. The Kerberos system is one example of a key distribution center. It is also possible that the KMC is actually a tree of key management centers, and GMLC deals with one leaf-KMC and LS deals with other leaf-KMC. Because the leaf-KMCs belong to a same tree, it is possible to create a security document, which allows the GMLC to authenticate the LS securely.
[0030] Figure 4 presents a flowchart describing a method according to the first preferred embodiment of the invention. In step 401 the GMLC receives a location information request message. Using the protocol headers of the data packet(s), for example, it may check if at least data origin authentication is applied on the data packet(s) in step 402. If no data origin authentication information is provided within the data packets, it can be assumed that there is no security association pointing from the sender towards the GMLC. Therefore the GMLC initiates security association establishment in step 403. It is also possible that the Location Server initiates the security association establishment before it requests location information; in that case the procedure starts in step 403. Details of the security association establishment are discussed below. This security association establishment involves step 404, where the KMC is asked to produce a security document relating to the sender, and step 406, where the GMLC receives the security document. Thereafter the security association establishment is carried out using at least some information provided in the security document. To receive a location information request secured with proper data origin authentication, the GMLC may in step 407 ask the sender to transmit the request again (or for the first time, if the procedure started from step 403).
[0031] If at least data origin authentication information is present in the data packet(s) relating to the location information request, after successfully authenticating the sender in step 408, the GMLC may check that the sender is authorized to receive location information in step 409. Thereafter the GMLC initiates the GSM/GPRS location procedure in step 410. The GSM/GPRS location procedure may be, for example, such a procedure as presented in Figure 2. Furthermore, it is possible that the GMLC wishes to transmit encrypted location information. In this case a second security association pointing from the GMLC towards the LS is also established.
[0032] The contents of the security document issued by the KMC depend on whether secret key or public key cryptography is used. If public key cryptography is used, the security document relating to an entity X may be a certificate C(PK_X, ID_X; S_KMC), where PK_X is the public key of X, ID_X is an identifier indicating X (typically its IP address) and S_KMC is a cryptographic signature produced by the KMC to prove the authenticity of the certificate. Because there usually is such a cryptographic signature in a public key certificate, it is not necessary to transmit the certificates using methods that provide data integrity and data origin authentication. If secret key cryptography is used, the KMC usually needs to know the identity of both entities X and Y involved in the security association establishment. The KMC may generate a key K_X-Y and place this into the security document together with an identifier ID_X. Thereafter it typically encrypts the security document using a secret key K_KMC-Y, which it shares with Y. The security document SD, which is delivered to Y and relates to X, may thus be SD(ID_X, K_X-Y; K_KMC-Y). At least the key K_X-Y in the security document SD is encrypted with the last argument K_KMC-Y. KMC typically delivers the same secret key K_X-Y and identifier ID_Y in a second security document SD(ID_Y, K_X-Y; K_KMC-X); the key K_KMC-X is a shared secret between X and the KMC.
[0033] Figure 5 presents, as an example, a message sequence chart for carrying out the security association establishment according to a second preferred embodiment of the invention, where secret key cryptography is used. In Figure 5, the GMLC initiates the procedure by sending a security association establishment request 501 to the LS. The security association requested is a security association pointing towards the GMLC, and it is marked here with SA(GMLC). The request 501 may, for example, explicitly state the endpoint of the security association, or the receiver may infer the endpoint to be the sender of the request 501. The LS may, after receiving the request 501, indicate that it wishes to establish a second security association SA(LS) with a request 502. Typically the SA(LS) requires the encryption of data. It is also possible that the GMLC asks also for the security association SA(LS), in which case the messages 501 and 502 can be a single message. The LS asks the KMC for a security document relating to the GMLC with a security document request 503, and the KMC delivers the security document SD(GMLC) (message 504 in Figure 5). The security document SD(GMLC) may be, for example, SD(ID_GMLC, K_LS-GMLC; K_KMC-LS), as discussed above. Similarly, the GMLC asks the KMC for a security document relating to the LS with a security document request 505, and the KMC delivers the security document SD(LS) (message 506 in Figure 5). After receiving the security documents the GMLC and LS can establish the requested security association(s) (arrow 507 in Figure 5). Typically there is a separate protocol for establishing a security association, and authentication of each other is typically involved in security association establishment. When secret key cryptography is used, the knowledge of the key K_LS-GMLC is usually tested in authentication. If the security associations are Internet Security Associations, the protocol to establish them is typically ISAKMP. Furthermore, it is also possible that an existing protocol such as Oakley key determination protocol or one of the other possible protocols for establishing security associations includes the messages 501-506 or similar messages.
[0034] The order of the messages and the names of the messages presented in Figure 5 are examples. The messages can be delivered in a different order. For example, as soon as the GMLC has received the location information request sent by the LS, the LS and GMLC know the identities of each other. They can ask the KMC to deliver the security documents before the security establishment requests are sent.
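The secret-key flow of paragraphs [0030] to [0033], as an added example that is not part of the patent text: a KMC acting as key distribution center issues the documents SD(ID_X, K_X-Y; K_KMC-Y), and the GMLC applies the Figure 4 checks (steps 402, 408, 409, 410) to a request. The class and function names, the JSON encoding, the HMAC-SHA256 request tag and the HMAC-based sealing routine are assumptions made for illustration, and all identifiers are constructed sample values.

```python
import hashlib
import hmac
import json
import os


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (_prf(enc_key, nonce + i.to_bytes(4, "big"))
              for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, b"".join(blocks)))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-SHA256 keystream. Assumption: a stand-in
    for the cipher a real KMC would use (a vetted AEAD in practice)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("security document was not sealed under this key")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)


class KMC:
    """Key distribution center holding one long-term key K_KMC-X per entity X."""

    def __init__(self):
        self._keys = {}

    def enroll(self, identity: str) -> bytes:
        self._keys[identity] = os.urandom(32)
        return self._keys[identity]

    def issue(self, x: str, y: str):
        """Return (SD(ID_X, K_X-Y; K_KMC-Y), SD(ID_Y, K_X-Y; K_KMC-X))."""
        k_xy = os.urandom(32).hex()

        def doc(about, recipient):
            body = json.dumps({"id": about, "key": k_xy}).encode()
            return seal(self._keys[recipient], body)

        return doc(x, y), doc(y, x)


class Party:
    """A GMLC or LS: knows its own K_KMC-X and the keys of its associations."""

    def __init__(self, identity: str, kmc: KMC):
        self.identity = identity
        self._k_kmc = kmc.enroll(identity)
        self.sa = {}  # peer identity -> K_X-Y

    def accept_document(self, sd: bytes, expected_peer: str) -> None:
        doc = json.loads(unseal(self._k_kmc, sd))
        if doc["id"] != expected_peer:
            raise ValueError("security document names a different entity")
        self.sa[expected_peer] = bytes.fromhex(doc["key"])


def establish_sa(kmc: KMC, gmlc: Party, ls: Party) -> None:
    """Messages 503-507 of Figure 5: each side obtains its document from the KMC."""
    sd_for_gmlc, sd_for_ls = kmc.issue(ls.identity, gmlc.identity)
    gmlc.accept_document(sd_for_gmlc, ls.identity)  # SD(LS), sealed for the GMLC
    ls.accept_document(sd_for_ls, gmlc.identity)    # SD(GMLC), sealed for the LS


def build_request(ls: Party, gmlc_id: str, target: str, authenticate=True):
    body = json.dumps({"sender": ls.identity, "target": target}).encode()
    tag = _prf(ls.sa[gmlc_id], body) if authenticate else None
    return {"body": body, "tag": tag}


def gmlc_handle(gmlc: Party, request: dict, authorized: set) -> str:
    """Figure 4, steps 402-410, returning the action the GMLC takes."""
    # The claimed sender only selects which key to verify with; it is not trusted yet.
    sender = json.loads(request["body"])["sender"]
    key = gmlc.sa.get(sender)
    if request.get("tag") is None or key is None:      # step 402
        return "ESTABLISH_SA_AND_ASK_RESEND"            # steps 403-407
    if not hmac.compare_digest(request["tag"], _prf(key, request["body"])):
        return "REJECT_AUTH_FAILED"                     # step 408 failed
    if sender not in authorized:                        # step 409
        return "REJECT_NOT_AUTHORIZED"
    return "INITIATE_LOCATION_PROCEDURE"                # step 410


if __name__ == "__main__":
    kmc = KMC()
    gmlc, ls = Party("192.0.2.1", kmc), Party("192.0.2.10", kmc)  # constructed IDs
    first = build_request(ls, gmlc.identity, "ms-constructed-001", authenticate=False)
    print(gmlc_handle(gmlc, first, {ls.identity}))
    establish_sa(kmc, gmlc, ls)
    again = build_request(ls, gmlc.identity, "ms-constructed-001")
    print(gmlc_handle(gmlc, again, {ls.identity}))
```

The authorization set is checked only after the tag verifies, so an unauthenticated sender learns nothing about who is permitted to request locations.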
[0035] Figure 6 presents, as an example, a message sequence chart for carrying out the security association establishment according to a third preferred embodiment of the invention, where public key cryptography is used. When public key certificates are used, the GMLC, for example, can ask the KMC to deliver a certificate C(PK_GMLC, ID_GMLC; S_KMC) and deliver this certificate to the LS in the security association request message. It is also possible that the LS fetches the certificate C(PK_GMLC, ID_GMLC; S_KMC) from the KMC. In Figure 6, the GMLC asks the KMC to deliver the certificate C(PK_GMLC, ID_GMLC; S_KMC), which is marked as SD(GMLC) in Figure 6 (message 503). The KMC delivers the certificate (message 504), and thereafter the GMLC sends a security association SA(GMLC) establishment request 601 to the LS. This request 601 comprises also the certificate. After the LS receives the request 601, it can authenticate GMLC. The authentication can be carried out using, for example, a challenge-and-response authentication, or the LS can check the validity of a cryptographic signature, which GMLC has placed in the request 601. If the authentication of only GMLC is sufficient for establishing the security association SA(GMLC), it can be established at this point (arrow 602). If a second security association SA(LS) is required, similar messages are exchanged between the LS and the KMC (messages 505 and 506) and between the LS and GMLC (security association SA(LS) request 603). Thereafter the security association SA(LS) can be established (arrow 604).

[0036] As discussed above, typically there is a separate protocol for establishing a security association. It is also possible that an existing protocol for establishing security associations includes the messages 601 and 602 or similar messages. The order of the messages and the names of the messages presented in Figure 6 are examples. The messages can be delivered in a different order. Public key certificates can typically be asked from a KMC (or, more precisely, from a Certification Agent CA) either online, during a certain procedure, or off-line, before the procedure. If the LS and GMLC already have a certificate of the other entity, they need not ask for it again from the KMC.
[0037] In a fourth preferred embodiment of the invention, the IP device, whose location is requested, wishes to authenticate the LS before location information is delivered to the LS. A flowchart of a method according to a fourth preferred embodiment is presented in Figure 7. The flowchart is a continuation to the flowchart in Figure 4, and it begins with step 410, where the location procedure of a cellular network is initiated. In step 701, the location procedure is carried out and at some point of the procedure a mobile station typically receives a notification that its location is requested. In Figure 7, this occurs in step 702. The mobile station may inform an IP device connected to the mobile station about the location request (step 703). The indication sent to the mobile station may comprise an identifier of the LS, and it is possible that the IP device and the Location Server authenticate each other, for example, using a shared secret on which they have beforehand agreed. Authentication using public keys is also possible. This is presented in step 704. After successful authentication, the IP device and the Location Server can agree on the encryption method used to protect the location information (step 705). The IP device may have some means of determining its location, for example a Global Positioning System receiver, and it may locate itself (step 706). Thereafter it may send the location information to the Location Server in step 707.
[0038] Figure 7 presents also alternatives, where the IP device wishes to establish a security association pointing to itself from the Location Server (step 708). It is possible that the GMLC is involved as a third party in this security association establishment (step 709); this is discussed in more detail below. It is also possible that a second security association, which points from the IP device to the Location Server and specifies, for example, encryption of data, is established (step 710). The first security association allows the IP device to authenticate the Location Server. The second security association is typically used, when the IP device determines its own location (step 706), and it allows the IP device to transmit location information confidentially to the Location Server (step 707). It is also possible that the IP device authorizes the mobile station to grant a permission to transmit location information to the Location Server (step 711). In this case, it typically is sufficient to have only one security association pointing towards the IP device. After the authorization, the mobile station sends to the cellular network a message to permit the transmission of location information (step 712). If the location of the mobile station is not yet determined, the location procedure is completed at this time. The mobile station may be involved here, and even determine its own location and transmit the information via the cellular network to the GMLC. The location information is transmitted to the Location Server typically from the GMLC in step 713. The sequence of steps in Figure 7 is just an example of a method according to the invention, similarly as the alternatives presented in Figure 7. One further alternative, for example, is that the mobile station determines its location, and thereafter the IP device transmits the information to the Location Server.
[0039] In a method according to the invention, the Location Server and the IP device may thus additionally or optionally establish security associations between themselves, if they have a common key management center in the Internet. Once the IP device has authenticated the LS, it can notify the mobile station to communicate to the GMLC (or to another network entity in the cellular network) a permission to transmit the location information. One alternative for the IP device to authenticate the LS is to be involved in establishing a security association pointing from the IP device itself towards the LS. Properly selected security associations allow the LS and IP device to authenticate each other.
[0040] As discussed above, it is possible that the IP device or the LS wishes to establish security associations between the IP device and the LS, and in the Internet there may not be a common key management center which both the IP device and LS trust for their data origin authentication and payload encryption. The GMLC trusts the mobile station, as the mobile station is authenticated by the cellular network. The mobile station trusts the cellular network and the GMLC by default or through building security associations between the GMLC and the mobile station. The HLR of the mobile station may act as a key management center for the MS and GMLC, if needed. The mobile station, furthermore, can perform mutual authentication with the IP device. This is a feasible way to establish security associations between the Location Server and the IP device, after the GMLC has authenticated the Location Server, using the GMLC as a key management center. The authentication of the Location Server can, for example, be a part of establishing a security association between the Location Server and the GMLC presented in Figures 5 and 6. Figure 8 presents a message sequence chart relating to establishment of the bi-directional security associations between the IP device and the LS (cf. steps 706-710 in Figure 7). The IP device asks from the GMLC an establishment of a security association towards the LS (message 801). Alternatively, this message can be sent by the Location Server. If the GMLC has not already authenticated the Location Server, the GMLC typically needs to establish security associations with the Location Server first. It may perform the procedure presented in Figure 5 or 6 at this point. If there already are, for example, bi-directional security associations between the Location Server and the GMLC enabling at least data origin authentication, then the GMLC may proceed to sending to the IP device a security document relating to the Location Server (message 802). The security document typically is a security document SD(ID_LS, K_LS-IPdevice; K_GMLC-IPdevice), and a similar security document SD(ID_IPdevice, K_LS-IPdevice; K_GMLC-LS) is sent to the Location Server (message 803). The security documents may alternatively be public key certificates issued by the GMLC, if the GMLC knows the public key of the Location Server and IP device. With the help of the information included in the security documents, the Location Server and IP device can establish a bi-directional security association between themselves (arrow 804). If the security associations are Internet Security Associations, it is possible that a multiple of unidirectional Internet Security Associations is established.
[0041] Especially if the IP device itself has positioning capability, for example there is a built-in GPS receiver in the IP device, it may wish to exchange information about its geographical location directly with a Location Server. In this case it is possible that after the mobile station receives a LCS notification, the IP device and the Location Server establish security associations between themselves and exchange location information, as discussed above. This exchange of location information may occur, for example, in addition to the location information transmission from the GMLC to the Location Server. It is also possible that the mobile station denies the cellular network to transmit information to the Location Server, but the IP device, after authenticating the Location Server, transmits location information to the Location Server.

[0042] Figure 9 illustrates schematically a network element 900 of a cellular network according to one embodiment of the invention, a packet data device 950, which is attachable to a mobile station or an integral part of a mobile station, according to the invention and a mobile station 901 according to the invention. The network element 900, packet data device 950 and mobile station 901 may support any method according to the invention, preferably one of those described as preferred embodiments of the invention.

[0043] A network element 900 of a cellular network has the following means: means (910) for receiving from a packet data network a location information request relating to a certain mobile station, and means (920) for initiating a location procedure in the cellular network. Furthermore, it has means (930) for establishing security associations pointing to the network element from a network element of the packet data network, this security association establishment typically involving a Key Management Center in a public packet data network. Further it has means (931) for performing security functions as specified by the security associations on data it receives from the packet data network, means (932) which are arranged to determine, if there is an existing security association pointing to the network element from a sender of a location information request, and means (933) for initiating security association establishment, which are arranged to establish a security association if there does not exist a security association, which points towards the network element from the sender of a location information request. Typically the means are realized using microprocessors and software. The means comprised in the security block are typically realized using Internet protocol, IPSec protocol and, for example, ISAKMP and Oakley.
[0044] The network element 900 may additionally have means (940) for receiving, for example, from an IP device reachable via the cellular network a request about a security association, which points to the network element from a certain network element of the packet data network. The network element may have means (932) for determining whether a requested security association exists, and means for transmitting (940) information about the requested security association to the device. The network element 900 may also additionally have means (943) for receiving a request to produce security documents relating to the device and to the sender of a location information request, and means (944) for producing a first security document relating to the device and a second security document relating to the sender of the location information request.
[0045] The network element 900 may be a network element of a GSM/GPRS network, preferably a Gateway Mobile Location Center, or a network element of a UMTS network.

[0046] A packet data device 950 is either an integral part of a mobile station or it is a separate device which can be attached to a mobile station. In the latter case it may be, for example, a laptop computer or a personal organizer. The packet data device 950 has means (960) for receiving information about a location information request and about a sender of a location information request from the mobile station and means (970) for exchanging with a network element connected to a cellular network information about a security association, which points to the network element from the sender of the location information request.

[0047] The packet data device 950 may additionally have means (980) for establishing a second security association (presented as arrow 302 in Figure 3), which points to the device from the sender of the location information request and specifies at least data origin authentication. It may further have means for requesting a network element of the cellular network to produce security documents relating to the device and to the sender of the information request for the establishment of the second security association, as discussed in connection with Figure 7.

[0048] Furthermore, the packet data device 950 may have means (990) for transmitting to the mobile station a permission to send location information to the sender of the location information request, when there exists a security association pointing from the sender of the location information request to the GMLC, for example. Once the device has ascertained itself that the GMLC has authenticated the Location Server, it may decide to permit the transmission of location information. It is also possible that the packet data device 950 has means for locating itself, for example an in-built GPS receiver 995.
[0049] The mobile station 901 has means for receiving from a cellular network a notification about a location information request and means for responding to the cellular network with a notification response. It furthermore has means for notifying a device, which is attached to the mobile station, about the location information request.

[0050] The means for responding to the cellular network may expect the device to give a permission, and only thereafter a positive response is sent to the cellular network. In other words, the means for responding to the cellular network are initiated by a permission sent by the device.
1. A method (400) for processing location information, which is related to a certain mobile station in a cellular network, the method comprising the step of:
- a first network element, which is connected to the cellular network, receiving (401) a location information request (201) relating to the mobile station from a second network element, which is connected to a packet data network,
characterized in that the method further comprises the steps of:
- requesting (404) from a third network element, which is connected to the packet data network, a security document relating to the second network element,
- initiating the establishment (406) of at least one security association, which security association specifies at least data origin authentication and points from the second network element to the first network element and which establishment involves use of information comprised in the security document,
- after successful establishment of said security association, authenticating (408) the data origin of the location service request, and
- if the data origin of the location service request is authenticated successfully, initiating (410) a location procedure relating to the mobile station in the cellular network.

2. A method according to claim 1, characterized in that the security document relating to the second network element is a public key certificate, which comprises an identifier specifying the second network element and a public key of the second network element and which is cryptographically signed by the third network element.

3. A method according to claim 1, characterized in that it further comprises the step of:
- requesting from the third network element a second security document relating to the first network element.

4. A method according to claim 3, characterized in that the security document comprises a first key, which is encrypted using a second key shared between the first network element and the third network element, and the second security document comprises the first key, which is encrypted using a third key shared between the second network element and the third network element.

5. A method according to claim 3, characterized in that it further comprises the step of:
- initiating the establishment of a second security association from the first network element to the second network element using at least information comprised in the second security document.

6. A method according to claim 5, characterized in that the security association is a set of Internet Security Associations pointing from the second network element to the first network element and the second security association is a second set of Internet Security Associations pointing from the first network element to the second network element.

7. A method according to claim 5, characterized in that the second security association specifies at least data encryption.

8. A method according to claim 1, characterized in that the security association is a set of Internet Security Associations pointing from the second network element to the first network element.

9. A method according to claim 1, characterized in that it further comprises the steps of:
- a third network element, which is connected to the packet data network, producing (404) said security document,
- establishing (406) at least one security association, which specifies at least data origin authentication and which points from the second network element to the first network element, using at least information comprised in the security document,
- after the establishment of said security association, authenticating (408) the data origin of the location service request, and
- carrying out (701) a location procedure relating to the mobile station in the cellular network.

10. A method according to claim 9, characterized in that it further comprises the step of:
- transmitting (707, 713) location information relating to the mobile station to the second network element.

11. A method according to claim 10, characterized in that the location information relating to the mobile station is transmitted to the second network element from the first network element.

12. A method according to claim 11, characterized in that it further comprises the steps of:
- the third network element producing a second security document relating to the first network element, and
- establishing a second security association, which specifies at least data encryption and points from the first network element to the second network element, using at least the information specified in the second security document.

13. A method according to claim 10, characterized in that it further comprises the step of:
- before transmitting the location information to the second network element, establishing (708) a third security association, which specifies at least data origin authentication and points from the second network element to a packet data device, which is either connected to the mobile station or is an integral part of the mobile station.

14. A method according to claim 10, characterized in that the location information relating to the mobile station is transmitted from a device, which is either connected to the mobile station or is an integral part of the mobile station.



15. A method according to claim 14, characterized in that it further comprises the step of:
- before transmitting the location information to the second network element, establishing (708) a third security association, which specifies at least data origin authentication and points from the second network element to a packet data device, which is either connected to the mobile station or an integral part of the mobile station.

16. A method according to claim 15, characterized in that it further comprises the step of:
- before transmission of location information, establishing (710) a fourth security association, which specifies at least data encryption and which points to the second network element from said packet data device.

17. A method according to claim 14, characterized in that it further comprises the steps of:
- the mobile station receiving (702) a notification relating to the location procedure relating to the mobile station, and
- the mobile station informing (703) said packet data device about the notification.

18. A method according to claim 1, characterized in that the first network element is a network element of a GPRS network.

19. A method according to claim 18, characterized in that the first network element is a Gateway Mobile Location Center.

20. A method according to claim 1, characterized in that the first network element is a network element of a UMTS network.

21. A network element (900) of a cellular network, the network element having
- means (910) for receiving from a packet data network a location information request relating to a certain mobile station, and
- means (920) for initiating a location procedure in the cellular network,
characterized in that it further comprises
- means (930) for establishing security associations pointing to the network element from a network element of the packet data network,
- means (931) for performing security functions as specified by the security associations on data it receives from the packet data network,
- means (932) which are arranged to determine, if there is an existing security association pointing to the network element from a sender of a location information request, and
- means (933) for initiating security association establishment, which are arranged to establish a security association if there does not exist a security association, which points towards the network element from the sender of a location information request.

22. A network element according to claim 21, characterized in that it further comprises
- means (940) for receiving from a device reachable via the cellular network a request about a security association, which points to the network element from a certain network element of the packet data network,
- means (932) for determining whether a requested security association exists, and
- means (940) for transmitting information about the requested security association to the device.

23. A network element according to claim 21, characterized in that it further comprises
- means (943) for receiving a request to produce security documents relating to the device and to the sender of a location information request, and
- means (944) for producing a first security document relating to the device and a second security document relating to the sender of the location information request.

24. A network element according to claim 21, characterized in that it is a network element of a GPRS network.

25. A network element according to claim 24, characterized in that it is a Gateway Mobile Location Center.

26. A network element according to claim 21, characterized in that it is a network element of a UMTS network.

27. A packet data device (950) being an integral part of a mobile station or being attachable to a mobile station, characterized in that it comprises
- means (960) for receiving information about a location information request and about a sender of a location information request from the mobile station and
- means (970) for exchanging with a network element connected to a cellular network information about a security association, which points to the network element from the sender of the location information request.

28. A device according to claim 27, characterized in that it further comprises means (980) for establishing a second security association, which points to the device from the sender of the location information request and specifies at least data origin authentication.

29. A device according to claim 28, characterized in that it further comprises means (980) for requesting a network element of the cellular network to produce security documents relating to the device and to the sender of the information request for the establishment of the second security association.

30. A device according to claim 27, characterized in that it further comprises means (990) for transmitting to the mobile station a permission to send location information to the sender of the location information request, which means are arranged to transmit the permission when there is said security association.

31. A device according to claim 27, characterized in that it further comprises means for locating itself.

32. A device according to claim 31, characterized in that it comprises a Global Positioning System receiver.

33. A mobile station (901), having means for receiving a notification from a cellular network about a location information request and means for responding to the cellular network with a notification response, characterized in that it further comprises means for notifying a packet data device, which is either an integral part of the mobile station or attached to the mobile station, about the location information request.

34. A mobile station according to claim 33, characterized in that the means for responding to the cellular network are arranged to be initiated by a permission sent by the packet data device.